Heads up! Many “optional non-security” updates are on the way

Topic

New Reply

These aren’t the wimpy download-only IE patches from yesterday. They’re the whole nine yards. Details coming.
[See the full post at: Heads up! Many “optional non-security” updates are on the way]

Reply | Quote

Replies

unlike the catalog only download patches released Mon 9/23, these new ones on 9/24 are available thru both Windows Update and MS Update Catalog. and new preview rollups for win7 (kb4516048) & win8.1 (kb4516041) are available as well on both MUC & WU.

1 user thanked author for this post.

woody

Reply | Quote

Can anybody verify for me if the Monthly Rollup Previews include the CVE-2019-1367 Internet Explorer fix?

Reply | Quote

https://support.microsoft.com/en-us/help/4516048/windows-7-update-kb4516048

The above documentation indicates no Internet Explorer fix.

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

1 user thanked author for this post.

woody

Reply | Quote

[EP]

I’ve checked the contents of the KB4516048 and KB4516041 cab files and the updated IE files (v11.0.9600.19467) are there. so the recent IE fixes are included in the preview rollups. it’s just that MS has not documented (or perhaps admitted) about that

if you need a 2nd opinion, ask abbodi86

• This reply was modified 3 years, 12 months ago by EP.

3 users thanked author for this post.

abbodi86, geekdom, woody

Reply | Quote

… and while we’re at it, can anybody explain to me why an “optional non-security” Win10 patch plugs a security hole?

Reply | Quote

OK so as respects Windows 10 ver 1803, I have KB4515058 the Sept CU, KB4522014 the replacement Sept CU to fix the IE problem, and now KB4516045 the latest Sept CU to fix all the previous plus more issues.

Susan more or less says we all need the IE fix whether IE is used or not.  So when is Woody going to make the Defcon call, and at this point probably needing a MS Catalog download if want to wait on the last CU fix KB4516045.

Also the Sept CU needed a Service Stack update which would automatically install with the original KB4516058.  Will it automatically install with any of the 3 above Sept KB’s?

If a MS Catalog download is now necessary, does the Service Stack now need to also be manually downloaded and installed first?

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

Reply | Quote

[EP]

@Tex265: the KB4516045 update is available thru both windows update & MS Update catalog (cuz MS said so in their support article, unlike KB4522014 which was available thru the catalog site only):
https://support.microsoft.com/help/4516045/

simply check later or the next day for KB4516045 to become available thru WU

• This reply was modified 3 years, 12 months ago by EP.

1 user thanked author for this post.

Tex265

Reply | Quote

KB4516045 seems more like and Optional Preview.
So if I want the Sept CU and the IE fix, it is the KB4522014 via the Catalog, and per PKCano below a manual install of the latest Service Stack first.

OR if still possible install the original Sept CU KB4516058 (which will also install the Service Stack) then KB4522014. However KB4516045 may have now superceded KB4516058 as the available WUpdater?

Are there any problems reported with KB4516058 to worry about?

Windows 10 Pro x64 v22H2 and Windows 7 Pro SP1 x64 (RIP)

Reply | Quote

Servicing Stacks do not install automatically with manual CU installe. They are only automaic with updates through Windows Update. If you manually install you will also have to install the SSU FIRST.

3 users thanked author for this post.

Tex265, Microfix, woody

Reply | Quote

I’m just starting to see unconfirmed reports that CVE-2019-1367 is being used by the government-affiliated DarkHotel group. I don’t see any indication that the problem is widespread.

There’s no need for “normal” users to patch yet. That’s why the patch hasn’t been distributed widely.

Reply | Quote

It came out as optional as it required a reboot. The Sep 24 seeking version wasn’t mentioned.

Reply | Quote

ChrisAVWood wrote:

It came out as optional as it required a reboot. The Sep 24 seeking version wasn’t mentioned.

Which patch are you referring to?

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

Reply | Quote

The info I got from Microsoft was talking about the IE only fix. Available in the catalogue yesterday followed by WU and WSUS today. There was no mention of todays versions that include other optional fixes.

Reply | Quote

[geekdom]

There may be a mismatch between Microsoft documentation and patch contents. Read here:
#1963403

On permanent hiatus {with backup and coffee}
offline▸ Win10Pro 2004.19041.572 x64 i3-3220 RAM8GB HDD Firefox83.0b3 WindowsDefender
offline▸ Acer TravelMate P215-52 RAM8GB Win11Pro 22H2.22621.1265 x64 i5-10210U SSD Firefox106.0 MicrosoftDefender
online▸ Win11Pro 22H2.22621.1992 x64 i5-9400 RAM16GB HDD Firefox116.0b3 MicrosoftDefender

• This reply was modified 3 years, 12 months ago by geekdom.
• This reply was modified 3 years, 12 months ago by geekdom.

Reply | Quote

I don’t see the single-purpose IE patches coming through WU or WSUS. Do you?

Reply | Quote

me neither.

1 user thanked author for this post.

woody

Reply | Quote

KB4516077 wouldn’t install on a 32Gb laptop w/Win10-1809×64; no error identified and the progress seemed normal up to a complaint about more storage space required.  I’ll try to scrape some more out of that limited amount by offloading some apps I don’t use much, but the space issues of that particular laptop (and many others of comparable design) are a real pain with these Win10 updates, which is why it’s still at v1809 and not v1903 (the latter won’t install).

Reply | Quote

[woody]

This “non-security” update supersedes all previous monthly cumulative updates so it has to include security fixes.  Microsoft must be smoking ***** if they think that it can be called a “non-security” update.

 

• This reply was modified 3 years, 12 months ago by woody. Reason: Bowdlerizing

Reply | Quote

Well what most folks don’t realize is that Microsoft has a “Double secret probation” group for certain patches. These patches are so secret they don’t contain any information regarding the reason for patching.  Very confusing for some.  🙂

Red Ruffnsore

2 users thanked author for this post.

geekdom, woody

Reply | Quote

Those of us running Windows 7 now are to be warned, after patching, that: “You may also receive an error in the Event Log related to cryptnet.dll.”

If that means that something is written to a file without my noticing, and no unwelcome pop-up appears out of the blue when I am in the middle of something at the PC, then there might very well be millions of such warnings, for all I care.

Am I right in thinking this way?

Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

Reply | Quote

Full list of fixes on Neowin.net

Microsoft releases even more Windows 10 cumulative updates with tons of fixes

https://www.neowin.net/news/microsoft-releases-even-more-windows-10-cumulative-updates-with-tons-of-fixes

Reply | Quote

Although the article did not say it directly, but Windows 7 Rollup KB4516048 adds the support for Extended Security Updates (i.e. special MAK keys)

Windows 8.1 Rollup KB4516041 contain a backported Windows 10 feature (don’t panic, it’s not telemetry)
https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/microsoft-windows-shell-setup-oobe-vmmodeoptimizations

i wonder why they didn’t document that yet, it’s nice feature

1 user thanked author for this post.

geekdom

Reply | Quote

I see Net Framework September 24tth patches like https://support.microsoft.com/en-ca/help/4516550/sep-24-2019-kb4516550-cumulative-update-for-net-framework for 1809

Reply | Quote